-
Notifications
You must be signed in to change notification settings - Fork 1
/
postgraphile.tags.json5
95 lines (95 loc) · 3.41 KB
/
postgraphile.tags.json5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
{
/**
* Smart tag definitions to manipulate the exposed GraphQL schema from
* Postgraphile.
* See documentation:
* - https://www.graphile.org/postgraphile/smart-tags/
* - https://www.graphile.org/postgraphile/smart-tags-file/
*/
version: 1,
config: {
class: {
/**
* The foreign key references on these tables create "virtual" links to
* the new "user_list" view to preserve the GraphQL structure from each of
* these nodes.
*/
application: {
tags: {
foreignKey: '(user_id) references user_list(id)',
},
},
review_assignment: {
tags: {
foreignKey: [
'(reviewer_id) references user_list(id)',
'(assigner_id) references user_list(id)',
],
},
},
review: {
tags: {
foreignKey: '(reviewer_id) references user_list(id)',
},
},
review_assignment_assigner_join: {
tags: {
foreignKey: '(assigner_id) references user_list(id)',
},
},
application_note: {
tags: {
foreignKey: '(user_id) references user_list(id)',
},
},
permission_join: {
tags: {
foreignKey: '(user_id) references user_list(id)',
},
},
/**
* This is the original "user" table. We hide it from the GraphQL schema
* for privacy reasons and replace it with a more limited "user_list"
* view. It is also renamed, which frees up the "user" name for the
* "user_list_admin" view, which means existing data_views can access the
* user list without re-configuration.
*/
user: {
tags: { omit: 'read,update,create,delete,all,many', name: 'hiddenUser' },
},
/**
* Two additional views are created in Postgres:
* - "user_list": same as the "user" table, but only exposing the name and
* id columns. This is publically accessible (no row-level security), so
* important not to expose personal information. This view is what is
* included in the GraphQL schema (as above). Any requests for data
* other than these name fields must go through the 'data view'
* endpoints, which are restricted appropriately based on permission and
* data view configuration.
* - "user_list_admin": the full "user" table, but with row-level security
* enabled (all rows blocked except for Admin). Used when querying
* "users" via GraphQL in the back end (in data view endpoints). The
* reason for this additional view rather than just using the original
* "user" table in this way is that the "user" table causes foreign key
* conflicts with the above artificial foreign key links, whereas a view
* doesn't. It is also renamed to "user", so it appears the same as the
* original "user" table to existing data view configs.
*/
user_list_admin: {
tags: {
name: 'user',
},
},
/**
* This recreates the GraphQL link from the "organisation" table to the
* "user" table, which allows back-end data view queries to drill down to
* connected orgs from the "user_list_admin" view.
*/
user_organisation: {
tags: {
foreignKey: '(user_id) references user_list_admin(id)|@foreignFieldName userOrganisations',
},
},
},
},
}